rsync over ssh and passwordless logins

For a while now I’ve been doing offsite backups from the shop to my house, and vice-versa, using rsync.  The thing is, I have my ports on my home router switched around so the script-kiddies don’t rattle my gates all day.  When I was setting up rsync, I read somewhere that the only way to specify a port other than the default was to do a daemon mode transfer.  The trouble is you lose the encryption of ssh if you do it that way.

Nicely enough, I have found this statement to be false.  You can EASILY specify an alternate port in remote shell mode by adding the following to the options in your rsync command:

-e "ssh -p port_num"

Just replace port_num with the port you want to use.  Now we’re encrypted!  What the -e option does is specify the remote shell command that rsync runs to reach the other host.  As far as I know, you can put any option there that you could normally pass to ssh.  The problem is, we can’t use the --password-file option in remote shell mode.  You can’t really script a backup if it waits for you to put your ssh password in, can you?  The solution is using key-based logins instead of password-based logins.  Here’s an excellent article that explains how: http://www.debian-administration.org/articles/152.

Armed with our knowledge of the -e parameter for rsync and our properly generated and placed keys, we can script our backup!  Just remember that when you generate your keys, you need to do it as whatever user your backup script will run as (probably root, if you use cron).  Here’s an example line from one of my backup scripts:

rsync -vz -e "ssh -p 55555" remote_user@remote_host:/backup/* /backup/remote_files

This logs in to the remote host and copies the files from a folder called “/backup” to a local folder called “/backup/remote_files”.  It’s really simple, and it’s encrypted.  Voilà!
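For a cron job, the same command can be wrapped so that it fails loudly instead of hanging on a prompt.  The script below is an added example, not one of the original backup scripts; the key path /root/.ssh/backup_key and the function names are assumptions, and the port, host and folders are the placeholders from the line above.

```shell
#!/bin/sh
# Added example: cron-safe wrapper around the rsync-over-ssh line above.
PORT=55555
KEY=/root/.ssh/backup_key      # assumed path to a dedicated, passphrase-less key
SRC='remote_user@remote_host:/backup/*'
DEST=/backup/remote_files

# Build the string handed to rsync -e.  BatchMode=yes makes ssh exit with an
# error instead of asking for a password, so a broken key shows up as a failed
# job rather than a stuck one.  IdentitiesOnly=yes offers only the named key.
build_remote_shell() {
    printf 'ssh -p %s -i %s -o BatchMode=yes -o IdentitiesOnly=yes' "$1" "$2"
}

# Succeed only if the key is a regular file with no group/other permission
# bits set (characters 5-10 of the ls mode string).
key_is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

run_backup() {
    key_is_private "$KEY" || {
        echo "refusing to use $KEY: missing or readable by others" >&2
        return 1
    }
    rsync -vz -e "$(build_remote_shell "$PORT" "$KEY")" "$SRC" "$DEST"
}

# Transfer only when called with "run"; otherwise just show the -e string.
if [ "${1:-}" = "run" ]; then
    run_backup
else
    build_remote_shell "$PORT" "$KEY"; echo
fi
```

Because BatchMode also stops ssh from asking about an unknown host key, the user that cron runs as has to have connected to the remote host once by hand before the job will work.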
